Systems and methods for utilizing wireless programmable credentials

ABSTRACT

Various embodiments of the present invention provide systems and methods for performing updates of credentials used in relation to RFID readers. As an example, some embodiments of the present invention provide methods for updating credentials capable of authorization to an RFID reader. Such methods include providing a cellular telephone that includes a memory, a cellular telephone interface, and an nfc interface. An access is received via the cellular telephone interface, and is stored to the memory. Communication with an RFID reader is initiated via the nfc interface, and the access update is provided to the RFID reader for authorization.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority to PCT applicationPCT/US09/30202 entitled “Systems and Methods for Utilizing WirelessProgrammable Credentials” and filed Jan. 6, 2009 by Menzel; which inturn claims priority to (is a non-provisional of) U.S. ProvisionalPatent Application No. 61/019,560 entitled “Systems and Methods forProgramming and RFID Reader”, and filed Jan. 7, 2008 by Menzel. Theentirety of the aforementioned application is incorporated herein byreference for all purposes.

BACKGROUND OF THE INVENTION

The present invention is related to radio frequency identification(RFID) readers, and more particularly, to systems and methods forupdating credentials used in relation to RFID readers.

RFID readers are capable of reading a credential presented within adefined proximity of the RFID reader. Such a credential read may be usedas the basis of, for example, allowing access or another operationrequiring identification. In a typical scenario, a user is presentedwith a pre-programmed credential that the user may then present at anRFID reader. Once authorized by the RFID reader, the user is allowed toperform the function supported by the RFID reader. In many cases, it iscumbersome to require a user to go to a defined location to obtain thepre-programmed credential or to wait for such a credential to bephysically mailed to the user. Further, where a global or limited changeof access codes is desired, it is cumbersome and costly to require theusers to bring in their credentials for re-programming.

Hence, for at least the aforementioned reasons, there exists a need inthe art for advanced systems and methods for updating credentialscapable of authorization to one or more RFID readers.

BRIEF SUMMARY OF THE INVENTION

The present invention is related to radio frequency identification(RFID) readers, and more particularly, to systems and methods forupdating credentials used in relation to RFID readers.

Some embodiments of the present invention provide methods for updatingcredentials capable of authorization to an RFID reader. Such methodsinclude providing a cellular telephone that includes a memory, acellular telephone interface, and an nfc interface. An access isreceived via the cellular telephone interface, and is stored to thememory. Communication with an RFID reader is initiated via the nfcinterface, and the access update is provided to the RFID reader forauthorization.

In some instances of the aforementioned embodiments, the RFID reader isassociated with a location, and the cellular telephone is associatedwith a guest of the location. The RFID reader may be used, for example,to control access via a door to the location. In one or more instancesof the aforementioned embodiments, the methods further include receivinga request to grant access to the location from an owner of the location.In some cases, another cell phone is used by the owner of the locationto communicate with the guest. In such cases, the request for access maybe sent by the cellular telephone used by the owner, and the request isgranted by uploading the access update to the cellular telephone of theguest. In one or more instances, the methods may further includerevoking the access update.

In other instances of the aforementioned embodiments, two or more RFIDreaders are involved. In such instances, the access update provided tothe cellular telephone is a first authorization associated with a firstRFID reader, and the memory includes a second authorization associatedwith a second RFID reader. In such cases, the second RFID reader may beoperable to control access to a place of employment of a user associatedwith the cellular telephone, and the first RFID reader is operable tocontrol access to a safe house. In some cases, the methods furtherinclude receiving instructions at the cellular telephone directing theuser associated with the cellular telephone toward the safe house.

In yet other instances of the aforementioned embodiments, two or morecellular telephones may be used each receiving a portion of an accesscode. In such cases, authorization via the RFID reader occurs when theappropriate access code portions are received in a defined time frame.In such cases, a first part access code is provided to a first cellulartelephone and a second part access code is provided to a second cellulartelephone. When the two cellular telephones are brought withincommunicable proximity of the RFID reader, both the first part accesscode and the second part access code are transferred to the RFID reader.Upon receiving the appropriate access codes, authorization is completeand the RFID reader function is triggered. In some cases, the first partaccess code and the second part access code must be received within adefined time frame before authorization to the RFID reader is completed.

Other embodiments of the present invention provide secure access systemsthat include two or more cellular telephones. Each of the cellulartelephones includes a memory, a cellular telephone interface, and an nfcinterface. A processor based device is operable to transfer a first partaccess code to one of the cellular telephones via its cellular telephoneinterface, and to transfer a second part access code to another of thecellular telephones via its cellular telephone interface. Presentingboth the first cellular telephone and the second cellular telephonewithin communicable distance of an RFID reader results in transferringthe first part access code to the RFID reader and the second part accesscode to the RFID reader. Transfer of the first part access code and thesecond part access code is accomplished using the nfc interface ofrespective cellular telephones. In some cases, authorization to the RFIDreader only occurs where the first part access code and the second partaccess code are received by the RFID reader within a defined time frame.

Yet other embodiments of the present invention provide guest accesssystems that include a cellular telephone having a memory, a cellulartelephone interface, and an nfc interface; and a processor based devicethat is operable to receive an authorization from an authorizationsource, and based at least in part on the authorization, to transfer anaccess code to the cellular telephone via the cellular telephoneinterface. Presenting the cellular telephone to the RFID reader resultsin transferring the access code to the RFID reader via the nfcinterface.

This summary provides only a general outline of some embodimentsaccording to the present invention. Many other objects, features,advantages and other embodiments of the present invention will becomemore fully apparent from the following detailed description, theappended claims and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the various embodiments of the presentinvention may be realized by reference to the figures which aredescribed in remaining portions of the specification. In the figures,like reference numerals are used throughout several drawings to refer tosimilar components. In some instances, a sub-label consisting of a lowercase letter is associated with a reference numeral to denote one ofmultiple similar components. When reference is made to a referencenumeral without specification to an existing sub-label, it is intendedto refer to all such multiple similar components.

FIG. 1a depicts a cellular telephone including an RFID reader updatemodule capable of updating an RFID reader via a near field communicationprotocol in accordance with various embodiments of the presentinvention;

FIG. 1b depicts an RFID reader including a cellular telephone interfacein accordance with some embodiments of the present invention;

FIG. 2 shows a system for facilitating RFID reader updating using aportable update device in accordance with one or more embodiments of thepresent invention;

FIG. 3 depicts a system for facilitating direct RFID reader updatingusing an RFID reader incorporating a cellular telephone link inaccordance with some embodiments of the present invention;

FIG. 4 depicts a system for facilitating direct RFID reader updatingusing an ultra wideband link in accordance with various embodiments ofthe present invention;

FIG. 5 is a flow diagram showing a method in accordance with one or moreembodiments of the present invention for performing an RFID readerupdate;

FIG. 6 shows a system in accordance with some embodiments of the presentinvention for performing a credential update;

FIG. 7 is a flow diagram showing a method in accordance with one or moreembodiments of the present invention for remotely updating credentials;

FIG. 8 shows a system in accordance with various embodiments of thepresent invention for performing a remote authorization of guest access;

FIG. 9 is a flow diagram showing a method in accordance with one or moreembodiments of the present invention for remote authorization of guestaccess;

FIG. 10 depicts a system in accordance with some embodiments of thepresent invention for providing access security;

FIG. 11 is a flow diagram showing a method in accordance with one ormore embodiments of the present invention for emergency location accessauthorization; and

FIG. 12 is a flow diagram showing a method in accordance with someembodiments of the present invention for multi-part credential updating.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is related to radio frequency identification(RFID) readers, and more particularly, to systems and methods forupdating credentials used in relation to RFID readers.

Some embodiments of the present invention provide systems and methodsfor updating an RFID reader. As used herein, the phrase “RFID reader” isused in its broadest sense to mean any device that is capable wirelessinteraction with a credential, and upon recognizing or authorizing thecredential, a particular function is implemented. Such a function maybe, but is not limited to, performing a payment or value transfer froman individual associated with the credential or allowing access via anaccess point associated with the RFID reader. The performed functionand/or access to the performed function may be modified by providing anRFID reader update to the RFID reader. As used herein, the phrase “RFIDreader update” is used in its broadest sense to mean any modificationthat operates to change the functionality of the RFID reader. As justone example, an RFID reader update may be a set of firmware or softwareinstructions written to the memory of the RFID reader that cause achange in functionality of the RFID reader. The change in functionalitymay be, but is not limited to, a change in authorization codes acceptedby the RFID reader or a change in the function of the RFID reader uponsuccessfully authorizing a credential. Based upon the disclosureprovided herein, one of ordinary skill in the art will recognize avariety of RFID reader updates that may be used in relation to differentembodiments of the present invention.

As used herein, the term “credential” is used in its broadest sense tomean any portable device that includes information useful in completingan access and/or transaction. Thus, for example, a credential may be asmart card with information allowing a user of the credential to passthrough an access point. Such credentials may be, but are not limitedto, access control cards, smart cards, cellular telephones, personaldigital assistants, and/or the like. Such credentials may be capable ofcommunicating via a wireless communication interface. The wirelesscommunication interface may be, but is not limited to, a radio frequencyinterface, an optical interface, or the like. Based upon the disclosureprovided herein, one of ordinary skill in the art will recognize avariety of credentials and mechanisms for facilitating communicationwith RFID readers that may be used in relation to different embodimentsof the present invention.

As an example, a method for updating an RFID reader is disclosed thatincludes transferring an RFID reader update to a portable update devicevia a wireless communication link. The portable update device is movedwithin proximity of the RFID reader that detects the presence of theportable update device. The RFID reader update is transferred to theRFID reader. The RFID reader update modifies operation of the RFIDreader. As used herein, the phrase “portable update device” is used inits broadest sense to mean any portable device that is capable ofinteracting with an RFID reader. As defined herein, credentials may beused as portable update devices. Based upon the disclosure providedherein, one of ordinary skill in the art will recognize a variety ofportable update devices that may be used in relation to differentembodiments of the present invention.

In some cases, the portable update device is a cellular telephone thatsupports near field communication. In some such instances, the nearfield communication is used to transfer the RFID reader update to theRFID reader using a programming frequency and protocol recognized by theRFID reader. As used herein, the phrase “near field communication” or“nfc” (without capitalized letters) is used in its broadest sense tomean any wireless communication protocol that allows for two devicesdisposed close together to transfer information. As just one example,near field communication may be Near Field Communication or NFC (withcapitalized letters). Such Near Field Communication may be, for example,compliant with either Near Field Communication Interface and Protocol-1(ISO/IEC 18092/ECMA-340) or Protocol-2 (ISO/IEC 21481/ECMA-352). Asspecified, Near Field Communication operates at 13.56 MHz and transfersdata at up to 424 Kbits/second. Near Field Communication provides theability to both read and write between devices that are within tencentimeters of each other. The data transfer is effectuated via magneticfield induction where two loop antennas are located within one another'snear field, effectively forming an air-core transformer. Near FieldCommunication commonly operates in either a passive communication modeor an active communication mode. In the passive communication mode, theinitiating device provides a carrier field and the target device answersby modulating existing field. In this mode, the target device may drawits operating power from an electromagnetic field provided by theinitiating device, thus eliminating the need for an internal powersupply. In the active communication mode, both the initiating device andthe target device communicate by alternately generating their ownelectromagnetic field. A receiving device deactivates its RF field whileit is waiting for data from the other device. In this mode, both deviceswould typically have some access to a power source independent of theother device. As another example, near field communication may be acommunication protocol consistent with the ISO 14443 proximity-cardstandard. Based on the disclosure provided herein, one of ordinary skillin the art will recognize a variety of near field communicationprotocols, techniques and/or frequencies that may be used in relation todifferent embodiments of the present invention.

Turning to FIG. 1a , a block diagram of a cellular telephone 100 isshown. Cellular telephone 100 includes a cellular telephone interface114, a processor 116, a web browser application 118, an RFID readerupdate application 120, and an nfc interface 122. Cellular telephoneinterface 114 is capable of receiving and transmitting information via acellular telephone link. Cellular telephone interface 114 may be anycellular telephone interface known in the art. Any received informationis provided to a processor 116. Similarly, processor 116 providesinformation that is to be transmitted to cellular telephone interface114. Processor 116 may be any device capable of executing software orfirmware instructions to cause cellular telephone 100 to perform definedfunctions. A memory 112 is included that is capable of storinginformation that is to be used by cellular telephone 100. In some cases,memory 112 stores software or firmware instructions executable byprocessor 116 to perform defined functions. Memory 112 may be any devicecapable of storing data. For example, memory may be an SRAM, a DRAM, aFlash DRAM, an EPROM, EEPROM, and/or the like. Based on the disclosureprovided herein, one of ordinary skill in the art will recognize avariety of memory types and/or combinations thereof that may be used toimplement memory 112. Web browser application 118 allows for searchingthe Internet via cellular telephone interface 114 as is known in theart.

RFID reader update application 120 is capable of providing an RFIDreader update in a format that nfc interface 122 is capable oftransmitting to an RFID reader via a near field communication link. Ingeneral, the RFID reader update includes a first set of instructionsoperable to uniquely identify the particular RFID reader that is to beupdated. A second set of instructions are included that are operable tocause an RFID reader to write subsequent information to a definedlocation in the memory of the RFID reader. The RFID reader update alsoincludes subsequent data that, in accordance with the preceding writeinstructions, is written to the defined location in the RFID readermemory. This subsequent information may be either data or firmwareinstructions designed to modify operation of the RFID reader. Thesubsequent data may include, for example, replacement or additionalauthorization codes. As another example, the subsequent data may includefirmware instructions causing the RFID reader to perform communicationswith presented credentials at additional frequencies. Based on thedisclosure provided herein, one of ordinary skill in the art willrecognize a variety of data and/or firmware instructions that may beprepared for writing by RFID reader update application 120. The RFIDreader update may also include a final set of instructions closing offcommunication. The nfc interface 122 may be any interface known in theart that is capable of carrying out near field communications with anRFID reader.

In operation, cellular telephone 100 receives an RFID reader update viacellular telephone interface 114. Processor 116 stores the RFID readerupdate to memory 112. When cellular telephone 100 is brought withinproximity of an RFID reader, attempts to communicate with the RFIDreader is performed via nfc interface 122. Once nfc communications areestablished with the RFID reader, the RFID reader update application 120requests identification information from the RFID reader. Where theidentification information corresponds to the RFID reader update to beprogrammed, the RFID reader update is pulled from memory 112 by RFIDreader update application 120 and transmitted to the RFID reader via nfcinterface 122.

Turning to FIG. 1b , an RFID reader 150 including a cellular telephoneinterface 178 is shown in accordance with some embodiments of thepresent invention. In particular, RFID reader 150 includes an RFIDinterface 172, a processor 174, firmware memory 176, and an RFID readerfunction 180. Cellular telephone interface 178 may be any cellulartelephone interface known in the art that provides at least forreceiving information via a cellular network. RFID interface 172 may beany interface known in the art that allows for receiving wirelesscommunications at an RFID reader. RFID reader function 180 is a controlcircuit that effectuates the function that is to be performed by RFIDreader 150. Thus, for example, where RFID reader 150 is used toauthorize access via an access point such as a physical doorway, RFIDreader function 180 provides an electronic unlock signal to a lockcontrolling access via the doorway when an authorized credential isbrought within proximity of the RFID reader. Based upon the disclosureprovided herein, one of ordinary skill in the art will recognize avariety of functions that may be implemented by RFID reader function180. Firmware memory 176 stores instructions executable by processor174. Firmware memory 176 may be any device capable of storing data. Forexample, memory may be an SRAM, a DRAM, a Flash DRAM, an EPROM, EEPROM,and/or the like. Based on the disclosure provided herein, one ofordinary skill in the art will recognize a variety of memory typesand/or combinations thereof that may be used to implement memory 176.

Turning to FIG. 2, an RFID reader update system 200 is shown inaccordance with one or more embodiments of the present invention. RFIDreader update system 200 includes a cellular telephone 200 that iscommunicably coupled to a server 250 via a communication network 240. Inone implementation, communication network 240 includes a cellulartelephone network. Server 250 provides a remote control that is capableof uploading information to cellular telephone 200. This uploadedinformation may then be downloaded to an RFID reader 270 once cellulartelephone 200 is brought within a communicable proximity of RFID reader270. RFID reader 270 includes an RFID interface 272, a processor 274 andfirmware memory 276. RFID device 270 operates similar to that describedin relation to RFID reader 150, except that there is no cellulartelephone interface.

In operation, a command to update RFID reader 270 along with an RFIDreader update is sent from server 250 to cellular telephone 200 viacommunication network 240. In some cases, the command to update RFIDreader 270 is sent as a text message to cellular telephone 200 that mayinclude, for example, instructions on where the target RFID reader(s) islocated. In addition to the text message, an RFID reader update is sentto cellular telephone 200. In yet other cases, web browser application118 of cellular telephone 200 may be used to request an RFID readerupdate from server 250. The received RFID reader update is directed byprocessor 116 to memory 112. Cellular telephone 200 is then moved withinproximity of RFID reader 270. When cellular telephone 200 is withincommunicable proximity of RFID reader 270, RFID reader 270 and cellulartelephone 200 begin a communication session using nfc interface 122 asis known in the art. The nfc interface 122 indicates the ongoingcommunication session to RFID reader update application 120, and inresponse, RFID reader update application 120 accesses the previouslyreceived RFID reader update from memory 112 and provides the RFID readerupdate to RFID reader 270 via nfc interface 122. As an example, the RFIDreader update may include, but is not limited to, a first set ofinstructions that are operable to cause an RFID reader to writesubsequent information to a defined location in the memory of the RFIDreader. The RFID reader update also includes subsequent data that, inaccordance with the preceding write instructions, is written to thedefined location in the RFID reader memory. This subsequent informationmay be either data or firmware instructions designed to modify operationof the RFID reader. The RFID reader update finishes with a set ofinstructions closing off communication. Upon writing the RFID readerupdate to RFID reader 270, the operation of RFID reader 270 is changedto conform to the update.

Turning to FIG. 3, an RFID reader update system 300 facilitating directRFID reader updating using a cellular telephone link is shown inaccordance with one or more embodiments of the present invention. RFIDreader update system 300 includes a server 350 that is communicablycoupled to one or more RFID readers 370 via a communication network 340.Similar to RFID reader 150, RFID readers 370 each include a cellulartelephone interface 178 capable of receiving cellular telephonecommunications via communication network 340. Each of RFID readers 370is further capable of authorizing one or more credentials 305 via RFIDreader interface 172 that are brought within communicable proximity ofthe particular RFID reader 370.

In operation, an RFID reader update is sent from server 350 to aselected one of RFID readers 370 or to a group of RFID readers 370 viacellular telephone interfaces 178 that are included in each of thereaders. The RFID reader update may include, for example, instructionson where in firmware memory 176 to write the update and the actualupdate. Once received, via cellular telephone interface 178, the RFIDreader update is passed to processor 174. In turn, processor 174 writesthe received RFID update the appropriate memory locations in firmwarememory 176. Upon writing the RFID reader update to RFID reader(s) 370,the operation of RFID reader(s) 370 is changed to conform to the update.

Turning to FIG. 4, an RFID reader update system 400 for facilitatingdirect RFID reader updating using an ultra wideband link is shown inaccordance with various embodiments of the present invention. As shown,RFID reader update system 400 includes a server 450 that is communicablycoupled to one or more RFID readers 460 via an ultra wideband hub 420.Ultra wideband hub 420 is capable of communicating with RFID reader 460,along with various other ultra wideband devices 440. Ultra wideband hub420 includes an ultra wideband transmitter 430 that transmits variousinformation to one or more devices capable of ultra widebandcommunications. As noted above, one of the devices is RFID reader 460that includes an ultra wideband capable RFID interface 462. In somecases, RFID interface 462 is capable of receiving standard RFIDcommunications along with ultra wideband communications using the samecircuitry. RFID reader 460 further includes a processor 464, a firmwarememory 466, and an RFID function 480. RFID function 480 is a controlcircuit that effectuates the function that is to be performed by RFIDreader 460. Thus, for example, where RFID reader 460 is used toauthorize access via a physical doorway, RFID reader function 480provides an electronic unlock signal to a lock controlling access viathe doorway when an authorized credential is brought within proximity ofthe RFID reader. Based upon the disclosure provided herein, one ofordinary skill in the art will recognize a variety of functions that maybe implemented by RFID reader function 480.

In operation, an RFID reader update is sent from server 450 to RFIDreader 460 via ultra wideband hub 420. The ultra wideband communicationincluding the RFID reader update is received by ultra wideband capableRFID interface 462 and passed to processor 464. The RFID reader updatemay include, for example, instructions on where in firmware memory 466to write the update and the actual update. Processor 464 writes theupdate to the appropriate location in firmware memory 466. Upon writingthe RFID reader update to RFID reader 460, the operation of RFID reader460 is changed to conform to the update.

Turning to FIG. 5, a flow diagram 500 depicts a method in accordancewith one or more embodiments of the present invention for performing anRFID reader update. Following flow diagram 500, it is determined whetheran RFID reader update is available (block 505). This may include, forexample, identifying a new RFID reader update in a server supporting theupdate system. In some cases, determining that a new RFID reader updateis available includes modifying an existing RFID reader program andidentifying the program as an update. In various cases, identifying anew update may be initiated remotely by a technician using a cellulartelephone to request a new update. It is then determined whether adirect update capability exists (block 510). Direct update capabilityprovides an ability to communicate directly with an RFID reader via acommunication network. Such direct update capability may be, forexample, facilitated by a cellular telephone interface integrated intothe RFID reader that is to be updated. As another example, directupdates may be facilitated by ultra wideband communication. Based uponthe disclosure provided herein, one of ordinary skill in the art willrecognize a variety of direct update approaches that may be used inrelation to different embodiments of the present invention.

Where direct update capability exists (block 510), the RFID readerupdate is transferred to the identified RFID reader via the directupdate interface (block 520). The transferred RFID reader update mayinclude an initial set of instructions that are operable to cause anRFID reader to write subsequent information to a defined location in thememory of the RFID reader. The RFID reader update also includessubsequent data that, in accordance with the preceding writeinstructions, is written to the defined location in the RFID readermemory. This subsequent information may be either data or firmwareinstructions designed to modify operation of the RFID reader. Thesubsequent data may include, for example, replacement or additionalauthorization codes. As another example, the subsequent data may includefirmware instructions causing the RFID reader to perform communicationswith presented credentials at additional frequencies. The RFID readerupdate may also include a final set of instructions closing offcommunication. Once the RFID reader update is transferred, thefunctionality of the receiving RFID reader is modified in accordancewith the update.

Alternatively, where direct update capability does not exist (block510), a portable update device is selected to perform the update (block515). This may include, for example, selecting the cellular telephone ofa technician in the general area of the RFID reader that is to beupdated. As another example, where a request for an update is receivedfrom a technician, the cellular telephone of the technician may bechosen to perform the update. Once the portable update device isidentified, the RFID reader update is transferred to the identifiedportable update device (block 540). This may include, for example,providing the RFID reader update to an identified cellular telephone viaa cell communication link. The RFID reader update may indicate aparticular RFID reader or class of RFID readers to which the RFID readerupdate is to be applied. In addition, a text message may be sent to theportable update device providing instructions for uploading the RFIDreader update to an RFID reader. The portable update device is thenmoved within communicable distance of an RFID reader (block 525). Bybringing the portable update device within communicable distance, an nfccommunication is initiated between the portable update device and theRFID reader.

With communications with the RFID reader established, the portableupdate device pulls the previously received RFID reader update frommemory and transfers it to the RFID reader (block 530). The transferredRFID reader update may include an initial set of instructions that areoperable to cause an RFID reader to write subsequent information to adefined location in the memory of the RFID reader. The RFID readerupdate also includes subsequent data that, in accordance with thepreceding write instructions, is written to the defined location in theRFID reader memory. This subsequent information may be either data orfirmware instructions designed to modify operation of the RFID reader.The subsequent data may include, for example, replacement or additionalauthorization codes. As another example, the subsequent data may includefirmware instructions causing the RFID reader to perform communicationswith presented credentials at additional frequencies. The RFID readerupdate may also include a final set of instructions closing offcommunication. Once the RFID reader update is transferred, thefunctionality of the receiving RFID reader is modified in accordancewith the update.

Turning to FIG. 6, a credential update system 600 is depicted inaccordance with some embodiments of the present invention. Credentialupdate system 600 includes one or more cellular telephones 600 that areeach communicably coupled to a server 650 via a communication network640. In one implementation, communication network 640 includes acellular telephone network. Server 650 is capable of processing requeststo upload new or modified authorization codes to cellular telephone(s)600. In some cases, server 650 may be used to modify access codes tomany cellular telephones 600 as part of upgrading an access controlsystem, or of providing an authorization code to a newly authorizedcredential or of modifying the authorization codes maintained by acurrently authorized credential. The uploaded authorization codes arereceived from server 650 via cellular telephone interface 114. Cellulartelephone interface 114 provides the received authorization code(s) toprocessor 116 that stores the received information to memory 112. Whencellular telephone 600 is brought within communicable distance of anRFID reader 670, an nfc communication is initiated using nfc interface122. Once initiated, nfc interface 122 requests authorizationinformation from an RFID reader authorization application 620. RFIDreader authorization application 620 pulls the uploaded authorizationinformation from memory 112, and provides the authorization informationto nfc interface 122. The authorization information is then provided toRFID interface 272 via the nfc communication channel. Where theauthorization is recognized by RFID reader 670, the function of RFIDreader 670 is triggered. Thus, for example, where RFID reader 670 isassociated with a doorway, once the authorization is accepted, the dooris opened. Based upon the disclosure provided herein, one of ordinaryskill in the art will recognize a variety of RFID functions that may beperformed by RFID reader 670.

FIG. 7 is a flow diagram 700 showing a method in accordance with one ormore embodiments of the present invention for remotely updatingcredentials. Following flow diagram 700, it is determined whether arequest is received to authorize access via a new credential (block705). Such a request may be entered, for example, via a serversupporting a credential update system. Entry into the server may be donedirectly on the server, or remotely by calling in from a cellulartelephone or via the Internet. Based upon the disclosure providedherein, one of ordinary skill in the art will recognize a variety ofapproaches that may be used for requesting new credential access. Wherea request to authorize access via a new credential is received (block705), access information for the new credential is identified (block715). This access information may be, for example, included in thereceived request. As one example, where the credential is embodied in acellular telephone, the access information may include the telephonenumber for the cellular telephone. Once the access information isidentified (block 715), an authorization code(s) corresponding therequested access authorization is transferred to the credential (block720). Where, for example, the credential is a cellular telephone, theauthorization code(s) is received via the cell interface of the cellulartelephone and stored to the memory of the cellular telephone. At thisjuncture, the credential is capable of authorizing to one or more RFIDreaders utilizing the authorization code(s). In addition to transferringthe authorization code(s), the credential is identified on a list ofcredentials capable of accessing particular RFID readers that ismaintained by the server (block 725).

Alternatively, where a request to authorize access via a new credentialis not received (block 705), it is determined whether a request tomodify an authorization code(s) in a currently authorized credential isreceived (block 710). Where such a request is received (block 710),access information for the credential is identified (block 730). Thisaccess information may be, for example, included in the receivedrequest. As one example, where the credential is embodied in a cellulartelephone, the access information may include the telephone number forthe cellular telephone. Once the access information is identified (block730), it is determined whether one or more authorization codesmaintained by the credential are to be modified or whether one or moreauthorization codes are to be removed or revoked (block 735). Whereexisting authorization codes are to be removed or revoked (block 735),an upload is performed to the credential that operates to delete oroverwrite the previously provided authorization code(s) maintained inthe memory of the credential (block 740). Once this is completed, thecredential is no longer able to authorize to the RFID readers associatedwith the request. Further, the credential is removed from a list ofcredentials capable of accessing particular RFID readers that ismaintained by the server (block 745). Alternatively, where existingauthorization codes are to be modified (block 735), an upload isperformed to the credential that operates to overwrite the previouslyprovided authorization code(s) maintained in the memory of thecredential with the new authorization code(s) (block 750). Once this iscompleted, the credential is able to authorize to the RFID readersassociated with the request using the modified information.

Turning to FIG. 8, a remote authorization, guest access system 800 isdepicted in accordance with some embodiments of the present invention.Remote authorization, guest access system 800 includes one or morecellular telephones 800 that are each communicably coupled to a server850 via a communication network 840. In one implementation,communication network 840 includes a cellular telephone network. Server850 is capable of receiving a request to grant or revoke authorizationfor a given credential, and to implement the request by accessing theidentified credential. As an example, a request to access a location 860may be sent from a guest via their cellular telephone 800 a to acellular telephone 800 b of the owner of location 860. This request maybe received as, for example, an audio conversation or a text message.The owner may then decide to grant the request or not. Where a decisionis made to grant the request, the owner may send an authorizationrequest to server 850 via communication network 840. The authorizationrequest indicates to server 850 that cellular telephone 800 a should beupdated to allow access to location 860.

In response to the authorization request, server 850 uploads anauthorization code(s) for an RFID reader 870 to cellular telephone 800a. The uploaded authorization code(s) are received from server 850 viacellular telephone interface 114. Cellular telephone interface 114provides the received authorization code(s) to processor 116 that storesthe received information to memory 112. When cellular telephone 800 a isbrought within communicable distance of RFID reader 870, an nfccommunication is initiated using nfc interface 122. Once initiated, nfcinterface 122 requests authorization information from RFID readerauthorization application 620. RFID reader authorization application 620pulls the uploaded authorization information from memory 112, andprovides the authorization information to nfc interface 122. Theauthorization information is then provided to RFID interface 272 via thenfc communication channel. Where the authorization is recognized by RFIDreader 870, an RFID reader function 880 is triggered. In this case, RFIDreader function 880 operates to grant access to location 860 byunlocking a door where an authorized credential is presented.

Turning to FIG. 9, a flow diagram 900 shows a method in accordance withone or more embodiments of the present invention for remoteauthorization of guest access. Following flow diagram 900, a request foraccess is received (block 905). This may include, for example, receiptof a request from a potential guest to access a particular property. Theguest may be, but is not limited to, a realtor trying to show aproperty, a friend trying to access a residence when the owner is nothome, or a client trying to access a condominium that they have rented.Based upon the disclosure provided herein, one of ordinary skill in theart will recognize a variety of guests that may be granted access to alocation. It should further be noted that while access is beingdiscussed in relation to a property, that access could be granted to,for example, an item. Based on the disclosure provided herein, one ofordinary skill in the art will recognize a variety of properties, itemsand/or operations to which a guest may request access.

The request is provided to an authorized entity or person thatdetermines whether to grant the request (block 910). For example, wherethe request is to access a residence, the request may be sent to theowner of the residence. In some cases, the authorized entity may be acomputer capable of determining whether the requestor should beauthorized. Where the request is accepted by the authorized person orentity (block 910), an authorization request is sent by the authorizingparty to a server supporting a remote authorization, guest access system(block 915). The request may be, for example, in the form of a textmessage to the server that the server is able to automatically parse andauthorize. Alternatively, the authorizing party may use a web browser toaccess the server and authorize the grant of access. A typicalauthorization request includes access information for the credentialthat is to be authorized, a duration of the authorization, andinformation capable of assuring that the party submitting theauthorization request has authority to grant access. Based upon thedisclosure provided herein, one of ordinary skill in the art willrecognize a variety of mechanisms that may be used to provide a requestto grant access to the server supporting a remote authorization, guestaccess system.

Once the request is received at the server (block 920), the serverparses the request to identify access information for the credentialthat is to be authorized (block 925). As one example, where thecredential is embodied in a cellular telephone, the access informationmay include the telephone number for the cellular telephone. Once theaccess information is identified (block 925), an authorization code(s)corresponding the requested access authorization is transferred to thecredential (block 930). Where, for example, the credential is a cellulartelephone, the authorization code(s) is received via the cell interfaceof the cellular telephone and stored to the memory of the cellulartelephone. At this juncture, the credential is capable of authorizing toone or more RFID readers utilizing the authorization code(s). In somecases, transferring the authorization code(s) further includes sending amessage (e.g., voice or text) to both the authorizing party and theguest. In some cases, this may be to the cellular telephones of the twoparties, or to some other designated message area such as a remote emailtool. The newly authorized credential is identified on a list ofcredentials capable of accessing the RFID reader associated with therequest that is maintained by the server (block 935). Further, where theduration of the authorization is finite, that duration is recorded andmonitored by the server (block 940). As an example, an authorization maybe granted to a guest for a three day period. Based upon the disclosureprovided herein, one of ordinary skill in the art will recognizeappropriate durations depending upon the particular scenario.

As shown in a flow diagram 901, the server continues to monitor theduration of the authorization. When the duration expires (block 951),the server identifies the access information for the credential (block961). The access information is used to access the credential andoverwrite or otherwise revoke the previously provided authorizationcode(s) (block 971). Once the revocation is complete, the credential isno longer capable of authorizing itself to the RFID reader. With thiscomplete, the credential is removed from the server maintained list ofcredentials capable of accessing the RFID reader associated with therequest (block 981).

Turning to FIG. 10, an emergency access security system 1000 is depictedin accordance with various embodiments of the present invention.Emergency access security system 1000 includes one or more cellulartelephones 1095 that are each communicably coupled to a server 1050 viaa communication network 1040. In one implementation, communicationnetwork 1040 includes a cellular telephone network. Server 1050 iscapable of receiving a request to grant or revoke authorization for agiven credential, and to implement the request by accessing theidentified credential. As an example, all of cellular telephones 1095may be held by employees of a company operating at a facility 1090.Access to facility 1090 is controlled by an RFID reader 1080. As such,cellular telephones 1095 are originally capable of authorizing to RFIDreader 1080. An emergency associated with the company or region in whichthe company is operating may be detected. In such a case, it may be thecompany's desire to direct its employees to a safe house 1060. In such acase, server 1050 may upload a text message to each of cellulartelephones 1095 instructing the employee holding that phone to report tosafe house 1060. In addition, server 1050 uploads an authorization codeenabling cellular telephones 1095 as access credentials capable ofauthorization to an RFID reader 1070 controlling access to safe house1060. The authorization code is provided via cellular telephoneinterface 114 and stored to memory 112.

Once the newly enabled cellular telephone 1095 is brought withincommunicable proximity of RFID reader 1070, an nfc communication isinitiated using nfc interface 122. Once initiated, nfc interface 122requests authorization information from an RFID reader authorizationapplication 620. RFID reader authorization application 620 pulls theuploaded authorization information from memory 112, and provides theauthorization information to nfc interface 122. The authorizationinformation is then provided to RFID interface 272 via the nfccommunication channel. Where the authorization is recognized by RFIDreader 1070, access to safe house 1060 is granted by unlocking a doorassociated with RFID reader 1070.

Turning to FIG. 11, a flow diagram 1100 shows a method in accordancewith one or more embodiments of the present invention for emergencylocation access authorization. Following flow diagram 1100, an emergencycondition is identified (block 1105). This may include, for example,identifying a state of emergency in a city where a multi-nationalcompany does business. An access enable request is prepared for anypersonnel that may be affected by the identified emergency condition(block 1110). Such an access enable request may include, for example,directions to a safe house, one or more authorization codes allowingaccess to the safe house, and a list of access information forcredentials held by personnel that may be affected by the emergencysituation. This information is sent to a server supporting an emergencyaccess security system (block 1115).

Once the request is received at the server (block 1120), the serverparses the request to select the first credential in the list (block1125) and to identify access information for that credential (block1130). As an example, where the credential is embodied in a cellulartelephone, the access information may include the telephone number forthe cellular telephone. Once the access information is identified (block1130), an authorization code(s) corresponding the requested accessauthorization is transferred to the credential (block 1135). Where, forexample, the credential is a cellular telephone, the authorizationcode(s) is received via the cell interface of the cellular telephone andstored to the memory of the cellular telephone. At this juncture, thecredential is capable of authorizing to one or more RFID readersutilizing the authorization code(s). In some cases, transferring theauthorization code(s) further includes sending a message (e.g., voice ortext) to the party holding the credential guest. This message mayinclude, for example, instructions on the location of the safe house.The newly authorized credential is identified on a list of credentialscapable of accessing the RFID reader associated with the request that ismaintained by the server (block 1140). It is then determined whetherthere is another credential on the list that remains to be authorized(block 1145). Where there is another credential to be authorized (block1145), the next credential is selected (block 1150) and the processes ofblocks 1130-1140 are repeated for the additional credential.

Turning to FIG. 12, a flow diagram 1200 shows a method in accordancewith some embodiments of the present invention for multi-part credentialupdating. Following flow diagram 1200, a secure access condition isidentified (block 1205). This may include, for example, receiving arequest to access a secure location or secure information by a party. Insome such cases, heightened security is imposed that requires twoauthorized individuals to operate together when accessing the securelocation. In such a case, a multipart access enable is prepared (block1210). The multipart request includes an authorization code that is tobe provided to one credential and another authorization code that is tobe provided to another credential. In addition, the multipart requestmay include a duration associated with the authorization. Only when bothcredentials simultaneously within communicable distance of an RFIDreader will the RFID reader grant access. As such, the RFID readerenforces the two person security. The multipart access enable isprovided to a server supporting a secure access system.

Once the request is received at the server (block 1220), the serverparses the request and selects the first credential (block 1225). Accessinformation for the first credential is identified (block 1230) and thefirst part of the multipart authorization code is provided to theidentified credential (block 1235). As one example, where the firstcredential is embodied in a cellular telephone, the access informationmay include the telephone number for the cellular telephone. Thetransferred authorization code(s) is received via the cell interface ofthe cellular telephone and stored to the memory of the cellulartelephone. At this juncture, the first credential is capable ofauthorizing to one or more RFID readers utilizing the authorizationcode(s) assuming the second credential is simultaneously withincommunicable distance. The second credential is selected (block 1240).Access information for the second credential is identified (block 1245)and the second part of the multipart authorization code is provided tothe identified credential (block 1250). As an example, where the secondcredential is embodied in a cellular telephone, the access informationmay include the telephone number for the cellular telephone. Thetransferred authorization code(s) is received via the cell interface ofthe cellular telephone and stored to the memory of the cellulartelephone. At this juncture, the second credential is capable ofauthorizing to one or more RFID readers utilizing the authorizationcode(s) assuming the first credential is simultaneously withincommunicable distance. The newly authorized credentials are identifiedon a list of credentials capable of accessing the RFID reader associatedwith the request that is maintained by the server (block 1255). Further,where the duration of the authorization is finite, that duration isrecorded and monitored by the server (block 1260).

As shown in a flow diagram 1201, the server continues to monitor theduration of the authorization. When the duration expires (block 1251),the server identifies the access information for the credential (block1261). The access information is used to access the credential andoverwrite or otherwise revoke the previously provided authorizationcode(s) (block 1271). Once the revocation is complete, the credential isno longer capable of authorizing itself to the RFID reader. With thiscomplete, the credential is removed from the server maintained list ofcredentials capable of accessing the RFID reader associated with therequest (block 1281).

In conclusion, the present invention provides novel systems, devices,methods and arrangements for upgrading and/or accessing RFID readers.While detailed descriptions of one or more embodiments of the inventionhave been given above, various alternatives, modifications, andequivalents will be apparent to those skilled in the art without varyingfrom the spirit of the invention. Therefore, the above descriptionshould not be taken as limiting the scope of the invention, which isdefined by the appended claims.

What is claimed is:
 1. A method for updating at least one of a pluralityof radio-frequency identification (RFID) readers, the method comprising:determining at a server that an RFID reader update is available;identifying a cellular telephone that is near an RFID reader to beupdated, the cellular telephone including a memory, a cellular telephoneinterface, and near-field communication (NFC) interface; sending theRFID update to the cellular telephone near the RFID reader to beupdated; receiving an RFID reader update at the cellular telephone viathe cellular telephone interface, the RFID reader update including afirst set of instructions operable to uniquely identify the RFID readerto be updated; storing the RFID reader update in the cellular telephonememory; initiating a communication session with an RFID reader via theNFC interface; requesting identification information from the RFIDreader; comparing the received identification information to the firstset of instructions to determine if the RFID reader should receive theupdate; and providing the RFID reader update to the RFID reader when thecomparison determines that the RFID reader should be updated, whereinthe RFID reader update is provided by the cellphone to the RFID readerfor authorization.
 2. The method of claim 1, further comprisingreceiving an access update via the cellular telephone interface; storingthe access update in the memory, and wherein the RFID reader isassociated with a location, and wherein the cellular telephone isassociated with a guest of the location.
 3. The method of claim 2,wherein the RFID reader is operable to unlock a door to the location. 4.The method of claim 2, wherein the method further comprises: receiving arequest to grant access to the location from an owner of the location.5. The method of claim 2, wherein the cellular telephone is a firstcellular telephone, and wherein the method further comprises: receivinga request for access to the location at a second cellular telephone,wherein the request for access is sent from the first cellulartelephone.
 6. The method of claim 2, wherein the method furthercomprises: revoking the access update.
 7. The method of claim 2, whereinthe RFID reader is a first RFID reader, wherein the access update is afirst authorization associated with the first RFID reader, and whereinthe memory includes a second authorization associated with a second RFIDreader.
 8. The method of claim 7, wherein the second RFID reader isoperable to control access to a place of employment of a user associatedwith the cellular telephone, and wherein the first RFID reader isoperable to control access to a safe house.
 9. The method of claim 8,wherein the method further comprises: receiving instructions at thecellular telephone directing the user associated with the cellulartelephone toward the safe house.
 10. The method of claim 2, wherein thecellular telephone is a first cellular telephone, wherein the memory isa first memory, wherein the cellular telephone interface is a firstcellular telephone interface, wherein the NFC interface is a first NFCinterface, wherein the access update is a first part access code, andwherein the method further comprises: providing a second cellulartelephone including a second memory, a second cellular telephoneinterface, and a second NFC interface; receiving a second part accesscode via the second cellular telephone interface; storing the secondpart access code in the second memory; and initiating a communicationsession with the RFID reader via the second NFC interface.
 11. Themethod of claim 10, wherein the NFC communication with the RFID readervia the first NFC interface transfers the first part access code,wherein the NFC communication with the RFID reader via the second NFCinterface transfers the second part access code, and whereinauthorization to the RFID reader is only complete upon receiving boththe first part access code and the second part access code.
 12. Themethod of claim 11, wherein authorization to the RFID reader is onlycomplete upon receiving both the first part access code and the secondpart access code within a defined time frame.
 13. The method of claim10, wherein the method further comprises: revoking the second partaccess code.
 14. The method of claim 1, wherein the cellular telephonenear the RFID reader to be updated is identified when a request for anupdate is received from the cellular telephone.
 15. The method of claim1, wherein the cellular telephone near the RFID reader to be updated isidentified based on a technician having the cellular telephone beingnear the RFID reader to be updated.